CN103810441A - Multi-granularity remote sensing data access method based on rules - Google Patents

Info

Publication number: CN103810441A
Application number: CN201410040977.6A
Authority: CN (China)
Prior art keywords: remote sensing, sensing data, access, grained, user
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 郑国轴, 李灼灵, 梁杰超, 陶金火, 陈华钧, 吴朝晖
Current Assignee: Zhejiang University ZJU
Original Assignee: Zhejiang University ZJU
Priority date: 2014-01-28
Filing date: 2014-01-28
Publication date: 2014-05-21
Application filed by Zhejiang University ZJU
Priority to CN201410040977.6A
Publication of CN103810441A

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

The invention discloses a rule-based multi-granularity remote sensing data access method comprising the following steps: (1) the user logs in and is assigned roles according to the user's organizational relationships, each role corresponding to a set of basic permissions that grant the user access to coarse-grained remote sensing data; (2) when the user issues an access request for fine-grained remote sensing data, the request is parsed according to authorization rules to determine whether it is allowed; if the request is allowed, the user is authorized to access the corresponding fine-grained remote sensing data; if the request is not allowed, the user is denied access to that data. Through preset authorization rules, the invention grants access rights to different roles on an individual basis, meets increasingly complex remote sensing data access requirements, and satisfies the security and confidentiality requirements of remote sensing data services.

Description

A rule-based multi-granularity remote sensing data access method

Technical field

The invention relates to the technical field of remote sensing, and in particular to a rule-based multi-granularity remote sensing data access method.

Background

With the development of global informatization, the growing popularity of space technology, and the ever wider application of technologies such as cloud computing and the Internet of Things, higher requirements have been placed on remote sensing information services, which has actively driven their development.

During the "Twelfth Five-Year Plan" period, the state invested heavily to increase the number and variety of remote sensing satellites. China launched a number of remote sensing satellites, including serialized, sector-specific satellite systems and combined constellations for meteorology, ocean and environment. These will produce massive multi-source remote sensing data with multiple resolutions, multiple types and high coverage, providing the data foundation for remote sensing information services, and China's remote sensing information services have entered a "golden period".

Remote sensing information services are developing towards multiple users, multiple applications and large scale. Data volumes keep growing and business relationships keep getting more complex, so the demands on data security in remote sensing systems keep rising. Remote sensing data also often involves military secrets, trade secrets and personal privacy, so the security of remote sensing data use should be the first consideration.

Remote sensing data security is an indispensable part of remote sensing research and application, and a data access control mechanism is an indispensable part of data security. However, because remote sensing data is special and sensitive, general access control mechanisms often cannot meet a system's requirements for controlling access to it. Access control for remote sensing data often needs fine-grained control, for example down to a particular attribute of the data, or taking the spatio-temporal relationships of the data into account.

Because specifications and documents that comprehensively describe remote sensing data security are still lacking, many remote sensing information services are protected only by user name and password, and sensitive data is simply not opened at all. This makes it difficult to meet data-sharing needs and seriously affects the development of national remote sensing technology. An access control method for remote sensing data is therefore needed that meets the security and convenience requirements of remote sensing data access.

Summary of the invention

The invention provides a rule-based multi-granularity remote sensing data access method that, through preset authorization rules, grants access rights to different roles on an individual basis, meets increasingly complex remote sensing data access requirements, and satisfies the security and confidentiality requirements of remote sensing data services.

In this rule-based multi-granularity remote sensing data access method, the multi-granularity remote sensing data comprises coarse-grained remote sensing data and fine-grained remote sensing data. The coarse-grained remote sensing data comprises remote sensing data sets, remote sensing databases and remote sensing data tables; the fine-grained remote sensing data comprises individual remote sensing data, remote sensing data records and remote sensing data attributes.

The multi-granularity remote sensing data access method comprises the following steps:

(1) The user logs in and is assigned roles according to the user's organizational relationships. Each role corresponds to a set of basic permissions, and the basic permissions grant the user access to coarse-grained remote sensing data.

Organizational relationships include actual organizations such as institutions and departments, temporary organizations such as project teams and academic circles, and even virtual organizations.

Users, roles and basic permissions are in many-to-many relationships: one user may hold several roles, and one role may correspond to several basic permissions (which together form a permission set). Through role assignment the user obtains the basic permissions, that is, access to coarse-grained remote sensing data.

(2) When the user issues an access request for fine-grained remote sensing data, the request is parsed according to the authorization rules to determine whether it is allowed.

If the access request is allowed, the user is authorized to access the corresponding fine-grained remote sensing data.

If the access request is not allowed, the user is denied access to the corresponding fine-grained remote sensing data. When an access request is not allowed, the reason is explained to the user.

Access includes adding, deleting, modifying, querying and downloading remote sensing data. After a user accesses multi-granularity remote sensing data, the access process is recorded.

Parsing the access request according to the authorization rules comprises the following steps:

2-1. Obtain the user's role and the access request the user wants to make;

2-2. Determine whether the access request is allowed, based on the characteristics of the fine-grained remote sensing data and the information obtained in step 2-1.

The rule-based multi-granularity remote sensing data access method of the invention combines the role-based access control model with rule engine technology to achieve multi-granularity access control for remote sensing data services in two dimensions, user and data. It improves the data security and confidentiality of remote sensing data services and promotes the sharing and application of remote sensing data. By dynamically adding, removing and combining remote sensing data authorization rules, it implements complex fine-grained access control flexibly and meets the requirements of the access logic. Mechanisms such as state preservation and rule-match caching optimize access control performance and prevent complex access control from degrading system performance.

Description of drawings

Fig. 1 is a framework diagram of the rule-based multi-granularity remote sensing data access method of the invention;

Fig. 2 is a composition diagram of the authorization-rule-based verification system in the rule-based multi-granularity remote sensing data access method of the invention;

Fig. 3 is a structure diagram of an authorization rule in the rule-based multi-granularity remote sensing data access method of the invention;

Fig. 4 is a workflow diagram of the rule engine in the rule-based multi-granularity remote sensing data access method of the invention.

Detailed description

The rule-based multi-granularity remote sensing data access method of the invention is described in detail below with reference to the drawings.

As shown in Fig. 1, in the rule-based multi-granularity remote sensing data access method, the multi-granularity remote sensing data comprises coarse-grained remote sensing data and fine-grained remote sensing data. The coarse-grained remote sensing data comprises remote sensing data sets, remote sensing databases and remote sensing data tables; the fine-grained remote sensing data comprises individual remote sensing data, remote sensing data records and remote sensing data attributes.

The multi-granularity remote sensing data access method comprises the following steps:

(1) The user logs in and is assigned roles according to the user's organizational relationships. Each role corresponds to a set of basic permissions, and the basic permissions grant the user access to coarse-grained remote sensing data.

When the user logs in, the mappings between users, roles and basic permissions are loaded into memory. Because this data is used frequently and is small in volume, loading it into memory speeds up the verification of basic permissions.

(2) When the user issues an access request for fine-grained remote sensing data, the request is parsed according to the authorization rules to determine whether it is allowed.

If the access request is allowed, the user is authorized to access the corresponding fine-grained remote sensing data.

If the access request is not allowed, the user is denied access to the corresponding fine-grained remote sensing data.

Access to coarse-grained data uses the RBAC (Role-Based Access Control) model; access to fine-grained remote sensing data uses authorization rules. After a user accesses multi-granularity remote sensing data, the access process is recorded.

As shown in Fig. 3, an authorization rule consists of a decision, a user classification, a resource classification, an operation and a description. The decision is either allow or deny, and the two are logically interchangeable. User classification means dividing users into several classes according to given conditions. Resources include interface elements, functional modules and remote sensing data objects, and mainly refer to remote sensing data resources; resource classification means dividing remote sensing data resources into several classes according to given conditions. The operation is the access itself, comprising modification (adding, deleting, modifying, querying) and downloading of remote sensing data; when the resource is defined as an interface element or a functional module, the operation is null. The description is used to build the information in the authorization result: when an access request is not allowed, it explains the reason to the user.

User classification is a dynamic partition and does not mean exactly the same thing as a role. Users are described with authorization rules: if a user satisfies a rule's description, the user belongs to that user class. Membership is obtained by evaluating the authorization rules, so users do not need to be assigned to a user class in advance.

Resource classification is likewise a dynamic partition. Resources are described with authorization rules: if a resource satisfies a rule's description, it belongs to that resource class. Membership is obtained by evaluating the authorization rules, so resources do not need to be assigned to a resource class in advance.

An access request contains at least the following information: the user, the resource to be accessed, and the operation to be performed on the resource. Authorization rules can be set as needed; for example, if the precision of the remote sensing data to be accessed exceeds a certain threshold, only administrators are allowed to access it. Combining the RBAC model with rule engine technology allows remote sensing data services to be customized flexibly.

The access request is parsed according to the authorization rules to determine whether it is allowed. Allowing and denying access requests is implemented with a filter chain, which consists of a set of filters in a fixed order. Each filter defines its own interception condition. When an access request meets that condition, the filter intercepts and verifies it; if verification passes, the request is handed to the next filter. If the access request passes all filters, it is allowed; if it does not pass all filters, it is denied.

Depending on the remote sensing data to be accessed, the behaviour of the filter chain falls into the following three cases:

1) Coarse-grained remote sensing data is to be accessed: only the role-based verification of basic permissions is performed. The user's access request is mapped to the corresponding set of permissions, and the user's permission set is then looked up in memory. If the user holds all the permissions the request requires, verification passes and access is allowed; otherwise access is denied.

2) Fine-grained remote sensing data is to be accessed: verification based on authorization rules is performed.

The authorization-rule-based verification system is composed as shown in Fig. 2 and includes a rule engine, a rule editor, a graphical management module and a security service module (Spring Security). The rule engine performs parsing, verification and authorization; the rule editor is used to create and test rules; the graphical management module displays users, roles and permissions; and the security log system records logs. Role-based access control is implemented on top of Spring Security, and the filter chain controls both the role-based and the authorization-rule-based access flows.

Authorization-rule-based verification is handled by the rule engine, as shown in Fig. 4. The verification steps are as follows:

a) The request filter and the rule engine are connected through a unified API;

b) The rule engine forwards the user and the requested resource from the access request to the rule parser; at the same time, the rule engine reads the rule base and forwards the rule information relevant to the access request to the rule parser;

c) The rule parser parses and encapsulates the access request and forwards the parsing result to the rule verifier. Parsing comprises the following steps: 2-1. obtain the user's role and the access request the user wants to make; 2-2. determine whether the access request is allowed, based on the characteristics of the fine-grained remote sensing data and the information obtained in step 2-1;

d) The rule verifier reads the source data to be verified (including user information and resource attributes) as specified by the configuration file, matches the source data against the authorization rules, and generates the verification result;

e) The rule authorizer encapsulates the verification result, returns it to the request filter, and triggers the security log system to write a log entry;

f) The request filter accepts or rejects the user's access request according to the verification result.

3) Coarse-grained and fine-grained remote sensing data are to be accessed together: the role-based verification of basic permissions is performed first, followed by the verification based on authorization rules.
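The sketch below is an added example, not code from the patent or from its implementation (which the text says is built on Spring Security): it models the filter chain in Python, with role permissions cached at login, rules carrying the five components of Fig. 3, a denial reason returned to the user, and an audit record per decision. The users, roles, resource names, the `resolution_m` attribute, the 1 m threshold and the rule semantics (deny overrides allow, no matching rule means deny, a request no filter intercepts is denied) are assumptions; the patent does not say how conflicting rules are resolved.

```python
from dataclasses import dataclass
from typing import Callable

COARSE = {"dataset", "database", "table"}   # coarse-grained levels named in the text
FINE = {"item", "record", "attribute"}      # fine-grained levels (names chosen here)

@dataclass(frozen=True)
class Resource:
    name: str
    level: str
    resolution_m: float = 0.0   # constructed attribute; unknown is treated as most sensitive

@dataclass(frozen=True)
class Request:                  # the three fields the text requires of an access request
    user: str
    resources: tuple
    operation: str              # add / delete / modify / query / download

@dataclass(frozen=True)
class Rule:                     # the five rule components listed in the text
    decision: str               # "allow" or "deny"
    user_class: Callable        # predicate over the user's roles (dynamic classification)
    resource_class: Callable    # predicate over one Resource (dynamic classification)
    operations: frozenset
    description: str            # returned to the user as the reason on denial

# Constructed sample data, not taken from the patent.
USER_ROLES = {"alice": {"admin"}, "bob": {"analyst"}}
ROLE_PERMS = {"admin": {("landsat_tbl", "query"), ("landsat_tbl", "download")},
              "analyst": {("landsat_tbl", "query")}}
RULES = [
    Rule("deny", lambda roles: "admin" not in roles, lambda r: r.resolution_m < 1.0,
         frozenset({"query", "download"}), "sub-metre data is restricted to administrators"),
    Rule("allow", lambda roles: bool(roles & {"admin", "analyst"}), lambda r: True,
         frozenset({"query"}), "analysts and administrators may query"),
    Rule("allow", lambda roles: "admin" in roles, lambda r: True,
         frozenset({"download"}), "administrators may download"),
]
SESSIONS, AUDIT_LOG = {}, []

def login(user):
    """Step (1): resolve roles and cache the union of their basic permissions in memory."""
    roles = USER_ROLES.get(user, set())
    perms = set().union(*(ROLE_PERMS.get(r, set()) for r in roles))
    SESSIONS[user] = {"roles": roles, "perms": perms}

class RbacFilter:
    """Coarse-grained check: every (resource, operation) pair must be in the cached set."""
    def intercepts(self, req):
        return any(r.level in COARSE for r in req.resources)

    def verify(self, session, req):
        needed = {(r.name, req.operation) for r in req.resources if r.level in COARSE}
        missing = sorted(needed - session["perms"])
        return (not missing, f"missing basic permission {missing}" if missing else "")

class RuleFilter:
    """Fine-grained check. Assumed semantics: deny overrides allow, no match means deny."""
    def __init__(self, rules):
        self.rules = rules

    def intercepts(self, req):
        return any(r.level in FINE for r in req.resources)

    def verify(self, session, req):
        for res in (r for r in req.resources if r.level in FINE):
            hits = [ru for ru in self.rules if req.operation in ru.operations
                    and ru.user_class(session["roles"]) and ru.resource_class(res)]
            denies = [ru for ru in hits if ru.decision == "deny"]
            if denies:
                return False, denies[0].description
            if not hits:
                return False, f"no rule allows {req.operation} on {res.name}"
        return True, ""

CHAIN = [RbacFilter(), RuleFilter(RULES)]   # order gives case 3: roles first, then rules

def authorize(req):
    """Run the request through the chain, record the outcome, return (allowed, reason)."""
    session = SESSIONS.get(req.user)
    if session is None:
        allowed, reason = False, "user is not logged in"
    else:
        allowed, reason, checked = True, "passed all filters", False
        for f in CHAIN:
            if not f.intercepts(req):
                continue
            checked = True
            ok, why = f.verify(session, req)
            if not ok:
                allowed, reason = False, why
                break
        if not checked:   # fail closed when no filter claims the request
            allowed, reason = False, "no filter covers the requested resources"
    AUDIT_LOG.append((req.user, req.operation, [r.name for r in req.resources], allowed, reason))
    return allowed, reason
```

Because the audit entry is written on every path, including denials and requests from users with no session, the log can be used to review rejected attempts as well as granted access.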

Claims (5)

1. A rule-based multi-granularity remote sensing data access method, characterized in that the multi-granularity remote sensing data comprises coarse-grained remote sensing data and fine-grained remote sensing data, the coarse-grained remote sensing data comprising remote sensing data sets, remote sensing databases and remote sensing data tables, and the fine-grained remote sensing data comprising individual remote sensing data, remote sensing data records and remote sensing data attributes; the multi-granularity remote sensing data access method comprises the following steps: (1) the user logs in and is assigned roles according to the user's organizational relationships, each role corresponding to a set of basic permissions, the basic permissions granting the user access to coarse-grained remote sensing data; (2) when the user issues an access request for fine-grained remote sensing data, the request is parsed according to authorization rules to determine whether it is allowed; if the access request is allowed, the user is authorized to access the corresponding fine-grained remote sensing data; if the access request is not allowed, the user is denied access to the corresponding fine-grained remote sensing data.

2. The rule-based multi-granularity remote sensing data access method according to claim 1, characterized in that the access includes adding, deleting, modifying, querying and downloading remote sensing data.

3. The rule-based multi-granularity remote sensing data access method according to claim 1, characterized in that, in step (2), when the access request is not allowed, the reason is explained to the user.

4. The rule-based multi-granularity remote sensing data access method according to claim 1, characterized in that after the user accesses the multi-granularity remote sensing data, the access process is recorded.

5. The rule-based multi-granularity remote sensing data access method according to claim 1, characterized in that parsing the access request according to the authorization rules comprises the following steps: 2-1. obtain the user's role and the access request the user wants to make; 2-2. determine whether the access request is allowed, based on the characteristics of the fine-grained remote sensing data and the information obtained in step 2-1.
CN201410040977.6A 2014-01-28 2014-01-28 Multi-granularity remote sensing data access method based on rules Pending CN103810441A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410040977.6A CN103810441A (en) 2014-01-28 2014-01-28 Multi-granularity remote sensing data access method based on rules

Publications (1)

Publication Number Publication Date
CN103810441A 2014-05-21

Family

ID=50707190

Country Status (1)

Country Link
CN (1) CN103810441A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140521